auto-key-retrieve considered harmful

Jeffrey Stedfast fejj at ximian.com
Sun Dec 7 09:32:09 CET 2003


On Sun, 2003-12-07 at 00:55, Christian Biere wrote:
> Hi,
> 
> unfortunately there are many tools which don't differentiate between
> trusted and untrusted keys e.g., the mail clients Sylpheed,
> Mulberry and probably hundreds of tools more. [Actually, it's
> beyond me how they can dare to implement OpenPGP support in 
> such a way. Either do it the right way or just don't do it at
> all.]
> 
> Let me imagine a world in which people are rather lazy. In this
> world people would put the line
> 
> 	keyserver-option auto-key-retrieve
> 
> into their gpg.conf. Now, every time they get a signed mail
> with a key they don't have in their keyring, the key will
> be automatically retrieved from the keyserver. As they
> can't remember their buddies' key IDs they just believe in
> their mail clients' message "Good signature".
> 
> IMO, the documentation should at least contain a *big* *fat*
> *scary* warning about using that option. In the long run,
> maybe it's possible to add an option "auto-key-update" which
> would only try to retrieve an updated key in case the key
> is marked as expired or discard fresh keys if they're
> not signed with a trusted signature.

you mean like this one?

gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.

I don't know about other mail clients, but Evolution shows that when a
key is untrusted (probably due to an auto-key-retrieve).

Jeff
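
Added example, not part of the original message and not GnuPG's or any mail client's own code: a sketch of how a front end can keep "good signature" and "trusted key" apart by reading the machine-readable lines gpg emits with `--status-fd`. The function name, the verdict strings, the one-signature-per-message policy and the sample status lines are assumptions constructed for illustration.

```python
# Added example: decide what a mail client should display, based on the
# machine-readable lines GnuPG writes when run with --status-fd.
# Policy here (an assumption of this example): only full or ultimate key
# validity counts as trusted; one signature per message.

TRUSTED = {"TRUST_FULLY", "TRUST_ULTIMATE"}
FAILED = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}


def classify(status_text):
    """Return (verdict, signer) for one verification run."""
    good, signer, trust = False, None, None
    for line in status_text.splitlines():
        if not line.startswith("[GNUPG:] "):
            continue  # human-readable gpg output is never parsed
        fields = line.split()[1:]
        if not fields:
            continue
        keyword = fields[0]
        if keyword in FAILED:
            return ("failed", None)
        if keyword == "GOODSIG":
            good = True
            signer = " ".join(fields[2:])
        elif keyword.startswith("TRUST_"):
            trust = keyword
    if not good:
        return ("no-valid-signature", None)
    # Fail closed: a missing or unknown TRUST_ line is treated as untrusted.
    if trust in TRUSTED:
        return ("good-trusted", signer)
    return ("good-untrusted", signer)


# Constructed sample: key fetched by auto-key-retrieve, never certified.
AUTO_RETRIEVED = """\
[GNUPG:] GOODSIG 0123456789ABCDEF Mallory Example <mallory@example.org>
[GNUPG:] TRUST_UNDEFINED
"""
# Constructed sample: key the user has certified.
CERTIFIED = """\
[GNUPG:] GOODSIG FEDCBA9876543210 Alice Example <alice@example.org>
[GNUPG:] TRUST_FULLY
"""

if __name__ == "__main__":
    for sample in (AUTO_RETRIEVED, CERTIFIED):
        print(classify(sample))
```

A client that shows "Good signature" for both samples reproduces the problem raised in the quoted message; showing the `good-untrusted` verdict distinctly corresponds to the warning gpg itself prints.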





More information about the Gnupg-devel mailing list